A Global Identity Business Case

When reading the SEPA and MiFID directives, it is clear that their requirements overlap in calling for a better and more secure method of identifying customers and investors. The incidence of identity theft and fraud is increasing on a massive global scale, and so far the existing security barriers are not proving effective enough. Hardly a day goes by without news of another theft or another scam using an innocent customer’s identity, more often than not leaving them to pick up the tab.

 

With remote purchase mechanisms like the web in use and mobile purchasing on the increase, the stolen identity problem is going to get worse. The cyber criminal is a very smart and adaptive animal and has proved over the years to be only one step behind the systems solution providers, a point noted by Thales, a leading supplier of security software. According to Paul Meadowcroft at Thales, “It is all about staying one step ahead of the fraudsters. Security for face-to-face transactions has been considerably enhanced following the introduction of EMV Chip and PIN across Europe, but this technique now needs to be extended into the online environment for so-called ‘card-not-present’ (CNP) transactions. Put simply, the card needs to be put back into CNP transactions. While some UK banks have already taken this approach by introducing standalone smart card readers for online banking customers, two-factor authentication techniques now also need to be introduced for e-commerce in order to stem the increasing losses from online fraud.”

 

Weaknesses are now being exposed in the ‘chip and PIN’ system, which is another blow for the security of the customer. The growth of chip and PIN fraud is attracting media attention and is obviously a concern for the world population as cards take over from cash as the preferred method of payment.

 

The implementation of SEPA and the subsequent introduction of operational efficiencies between banks and their customers must include enhanced security of transactions. However, a more streamlined and efficient operation frequently goes hand in glove with a relaxation of the procedures that double-check data. Faster processing is often at the expense of in-house credit checks and authorisation processes, which will favour the criminal. Speed is often of the essence but should never be at the expense of security.

 

“Indeed, creating efficiencies and speeding up the payment transaction cycle is an ongoing goal for the industry. However, an increase in speed cannot lead to a compromise in security. The UK’s Faster Payments Scheme (FPS) introduced in May this year is a prime example. The FPS did away with the three-day lag period for phone, internet and standing order payments and means that payments now have to be processed in a matter of hours. Financial institutions therefore had to overcome the challenge of receiving a payment instruction from a variety of different channels and strongly authenticating the person to prove they are who they say they are within a severely shortened transaction processing time. In order to overcome this challenge, many banks have turned to two-factor authentication so that they can manage the authentication process ahead of the transaction being processed. By making customers strongly authenticate themselves using an unconnected smart card reader, the banks have the identity confirmation required before the transaction is initiated,” says Paul Meadowcroft.

 

 

For most financial services firms the first check for a customer is within their ‘know your customer’ (KYC) systems. MiFID compliance requirements have set a benchmark for a very detailed set of customer data to be captured, and the procedures around the system have become quite disciplined; a similar experience will be found within SEPA and the payment banks. So both the securities treasury operations and the subsequent payment systems could be working in tandem, using a single set of the customer’s data but in parallel.

 

Today many financial services firms operate in silos, and their databases often have no horizontal use. If more than one set of client data is maintained there is obvious potential for error, and therefore much effort is given to cleansing and matching data. To avoid mismatched data it seems logical that both the payments and securities data should come from the same database source or a central distributor. Unfortunately this problem is market-wide and global, creating operational inefficiency and cost, and not least it is a frustration for the customer. As the industry raises its data standards the issue shifts to how to produce consistency, and a central repository would appear to be the solution. Deficiency of service will force customers to move their business. On the face of it the solution looks extremely difficult if not impossible, but is this the case?

 

The end game to the growing identity crisis and the solution to inefficiency and cost issues within financial services is to create a single entity and customer identifier. The creation of the corporate entity identifier could begin in the industrial world and be taken down to an individual account and fund level. This alone would bring huge benefits to the finance industry.

 

“While this approach makes sense, many financial institutions may struggle to know how to uniquely identify people at an individual level. Yet, a standard does already exist in the world of public key cryptography which could also be used to identify funds, accounts or even people. In public key cryptography, every key carries an ‘object identifier’ (OID) which uniquely identifies any object with a sequence of numbers. This standard way of building numbers to uniquely identify objects could be used to identify individuals and the keys which represent them in their various online transactions with financial institutions.  This makes processing of transactions more accurate and reliable,” concludes Paul Meadowcroft.

 

It appears that for once the European Parliament has got it right in accepting that global identifiers are needed, but it falls short of being prescriptive in producing the energy that would push the finance industry to fund the solution. Escalating criminal activity within global financial services is a massive problem, and the ongoing development of remote payments and e-invoicing only increases the potential for even more fraud. We know through Thales that the technology does exist to keep financial services at least a lap ahead of the criminal, and it’s about time serious investment in new preventative systems was made.

 

By Gary Wright, M.S.I.

© B.I.S.S. Research Ltd 2008. UK Registered Company Number: 03369427

Registered Address: 3 Northwood Gardens, Clayhall, Ilford, Essex, IG5 0AH
